Zoom is surging in popularity, as people look for easy ways to make conference calls. Is Zoom really all that bad?
Well no, actually it’s not. I mean, things could be much worse. And there’s very good reasons why Zoom is becoming a massive success story.
What are some of those privacy concerns?
There’s been plenty of small issues over the last two years or so. So, if you look at the history of Zoom, they’ve had real security vulnerabilities in there, including code execution vulnerabilities. But they’ve been fairly responsive in figuring those out after they’ve been reported, and they’ve fixed them.
Just during the pandemic there’ve been pretty big reports about how whenever you start a Zoom call, Zoom reports it to Facebook. Which was true, and they’ve already fixed that. It didn’t seem to be on purpose. And now we’ve been getting reports about cases where when you send messages over the Zoom chat, these can be used to make you click on things which will execute files on your own computers or maybe try to make your Windows computer try to log into a remote Windows computer, which can expose some of your credentials, although in encrypted format, but nevertheless.
So are there any tips for users for making the Zoom conference calls more secure?
Well, yeah. There are things users can do, and there’s things Zoom can do. And, Zoom has already made an announcement that they are now enacting a feature freeze, and they are shifting all their engineering resources to only work on trust, safety and privacy. So whatever new features they were planning on putting out next are on hold, and all their engineering, all their coders, all their testers, are trying to make the product better regarding security and privacy.
Okay. So is there anything you’d say to the users of Zoom?
Sure. Users can do things as well. There are different kinds of things. One of them is to avoid what’s known as Zoom bombing. Zoom bombing means that you are in the middle of a meeting and then some outsider finds your meeting and just drops in. There are reasons why people can do this. One of the reasons is because they find your meeting ID because you posted it in a public place. And meeting IDs can either be numbers, that’s nine numbers in a row, or it can be a name for some registered users. And if your meeting ID is public, if there’s no password on the meeting, anybody can join.
Another way bombers find open Zoom meetings and join in to wreak havoc is they do what’s known as war dialling for Zoom, basically trying all the Zoom meeting IDs to find meetings in progress which have no password.
So, what can you do? Use a password. Every time you have a Zoom meeting, put in a password. Even a simple password will most likely protect you against Zoom bombers. That’s what you should be doing in any case.
Another thing which is good to know is that when you have a Zoom meeting in progress, especially things like corporate meetings where you might be discussing stuff which is not public, it’s possible that people join the meeting not over a video connection, but by dialling in with a phone. And this is pretty invisible. When somebody’s actually dialling in with a phone, you might not recognize that they are in the meeting at all, so this is good to know. Realize that people who get the meeting details might be in the meeting – or an outsider who gets the meeting details might be listening in, and you won’t even realize they are in there.
A similar thing is what you say in the chat during a Zoom meeting. Assume everything you say in the public chat or in a private one-to-one chat during a Zoom meeting will eventually become public. Don’t put secrets in the chat. So that’s basically how you start securing your Zoom meetings.